May 2017
Intermediate to advanced
416 pages
21h 33m
English
The Nmap options -p80--script http-default-accounts initiate the NSE script http-default-accounts if a web server is found on port 80 (-p80).
I developed this NSE script to save time during web penetration tests, by automatically checking whether system administrators have forgotten to change any default passwords in their systems. I've included a few fingerprints for popular services, but this script can be improved a lot by supporting more services. If you have access to a service commonly configured with default credential access, I encourage you to submit new fingerprints to its database. Recently, nnposter posted a big update that improves this script and its database. The supported services so far are:
Read now
Unlock full access